One-time password generators (e.g., tokens) are devices or software that generate a series of pseudorandom sequences (“passwords”) used, for example and without limitation, for user authentication and access to computer accounts associated with banking transactions, brokerage accounts and the like. Most typically, the OTP sequences are recalculated frequently (e.g., every 60 seconds), such that any given password is likely to be valid for only a single transaction (hence, they are known as “one-time” passwords), after which the token recalculates a new password based on the previous password. Typically, when a user desires to access a particular account, the user enters a personal identification number (PIN) concatenated with a currently displayed OTP sequence via a user interface. An authentication entity (e.g., server) calculates OTP sequences using the same mathematical algorithm as the token, thus producing a series of OTP sequences in time-synchronization with the token. The authentication entity also correlates the OTP sequences with the users PIN and can therefore authenticate a valid user if the OTP sequence entered by the user associated with a particular PIN matches the corresponding OTP sequence generated by the authentication entity. The use of tokens for generating one-time passwords is considered more secure than alternative mechanisms for accessing accounts (for example, using static passwords, personal identification numbers (PINS) and/or automated teller machine (ATM) cards).
While OTP tokens offer important security benefits, they raise some problems relating to implementation and human factors issues. One problem is that many OTP implementations require a separate physical token per account which is unappealing to many customers and businesses. A related problem is that OTP tokens must be replaced periodically as they age and their battery life dies. Related patent application Ser. No. 11/732,199 is directed to addressing these problems by describing a manner of providing multiple OTP generators on a single rechargeable device (e.g., a cell phone), thus obviating the need for a user to carry multiple physical tokens and the need to replace tokens due to aging batteries.
However, to further enhance this approach, a need exists for a mechanism for selectively capturing (or “peeling off”) one or more tokens from among the multiple OTP generators of a primary device and replicating (or “cloning”) the selected OTP tokens to another device while maintaining OTP state and functionality. These features are needed for reasons including, without limitation, to guard against actual or prospective loss of synchronization (“loss of synch”) of a token maintained by the primary device (which may occur upon shut-off or battery consumption of the primary device), to create additional copies in case the primary device is lost or stolen, or to allow a user to loan or share an OTP token from the primary device without relinquishing possession of the primary device. Still further, when offloading OTP functionality from a primary device to another device, a need exists to provide a mechanism for transferring OTP functionality back to the primary device or replacement device, for example, to resurrect OTP functionality following loss of sync of a primary device. The present invention is directed to addressing these needs.